SASA: Source-Aware Self-Attention for IP Hijack Detection
Published in IEEE/ACM Transactions on Networking, 2021
Recommended citation: T. Shapira and Y. Shavitt, "SASA: Source-Aware Self-Attention for IP Hijack Detection," in IEEE/ACM Transactions on Networking, doi: 10.1109/TNET.2021.3115935. https://ieeexplore.ieee.org/document/9556519
We introduce a deep learning system that examines the geography of traceroute measurements to detect malicious routes. We use multiple geolocation services, each with a different level of confidence and each subject to location errors. Moreover, identifying a hijacked route is not sufficient: an operator presented with a hijack alert also needs an indication of why the route was flagged. Thus, we introduce a novel deep learning layer, called Source-Aware Self-Attention (SASA), which is an extension of the attention mechanism. SASA learns each data source’s confidence and combines this score with the attention of each router in the route to point out the most problematic one.